From The Blog

Displaying items by tag: Hacking

Social engineering efforts via voice calls (Vishing) is nothing new. The use of phone calls for malicious activity is pretty old and include such popular scams as extended car warranties, IRS collection attempts, and the ever popular “there is a complaint against you”. These are just a few of the consumer scams that have been in play and are still in play. On the corporate side there are even more which target general employees and support personnel to either gain entry or enable some form of financial fraud. Sadly, this pivot is also seriously under managed by most organizations, with few providing any preventative training and most not testing this attack vector to determine exposure.

Published in News

Last week Progress Software, the company behind MOVEit file transfer software, announced another SQL injection flaw had been identified and patched. This flaw is just the latest in a series of vulnerabilities that have been identified in the application after the Cl0p ransomware group was found to have exploited a different SQL injection flaw to steal data from multiple MOVEit users. The attacks started in late 2022, but the Cl0p group might have been testing different entry points as far back as June 2022.

Published in News

It has been a few days since we talked about NPM and node.js. The popular repository has been taking a bit of a beating in recent months as attackers, hacktivists, and others seek to compromise their packages as part of a general supply chain attack. Supply chain attacks are in vouge right now and are part of the reason you might be seeing the acronym SBOM (Software Build of Materials) so much. Sure, SBOM is not a new term, but the push for it and the rise of an entire vertical in the cybersecurity industry is new and should be a bit of an indicator that there is a problem.

Published in News

Remember the iMessage flaw that allowed for a zero click installation of malware? You know, the one that was discovered by Russian cybersecurity firm Kaspersky which was allegedly targeting Russian Apple devices? The one that Russia said was a US cyber op? Yeah, that one. Well, it seems that Apple has rolled out a patch for this flaw which was part of an operation dubbed Triangulation with the backdoor actually being called TriangleBD.

Published in News

Microsoft’s Azure AD, the cloud-based flavor of the on-premises service is an interesting construct. On the surface you think that it has some decent protections enabled by default. The sad truth of the matter is that this is not the case and many options for security are very lacking until you hit much higher security levels. If you add to this equation the likelihood of vulnerabilities and other flaws that can allow an attacker to bypass the security options that are already there it is a bit of a mess. This wonderful thought is what brings us to today’s flaw. According to security researchers, there is a flaw in how Microsoft Azure AD processes its implementation of OAuth (Open Authentication).

Published in News

As I have often said, the idea that an operating system, or brand of computer is somehow immune to attack or malware is just a false one. We have seen time and time again where attackers are all too capable of compromising what was once considered “secure”. Now security researchers have found evidence of a sophisticated cross platform toolkit which could indicate an increased focus on macOS.

Published in News

According to a statement that Microsoft released on Friday, several outrages in their Azure environment were caused by a large-scale Distributed Denial of Service attack. The attack began in early June 2023 when “surges in traffic” began causing availability impacts. Microsoft began an investigation into the incident and are now tracking a potentially new threat group (Storm-1359). The new group is using a somewhat different attack vector although most of the moving parts behind the attack are common.

Published in News

There is a new threat in town from the ChamelGang. This new threat is a Linux backdoor that just been identified and shows that the threat group is expanding their capabilities. Identified by Stairwell and dubber ChamelDoH (for DNS over HTTPS), this new malware is written in C++, which is not all that unusual even if the method of communication is not completely normal. ChamelGang was first identified in 2021 and was associated with attacks on energy, fuel, and aviation industries in multiple countries including the US, Russia, Nepal, Japan, Taiwan, and India.

Published in News

A 20-year-old Russian National Magomedovich Astamirov was arrested in Arizona and had his initial appearance in court yesterday. The arrest and charges come after a lengthy investigation into the Ransomware as a Service Group, LockBit. This is the second arrest in six months related to the group’s activities with a third warrant/indictment issued for another individual, Mikhail Pavlovich Matveev, who is still at large. According to the DOJ press release Astamirov is suspected of conspiring with other LockBit members to attack multiple organizations in the US and around the globe. Astamirov is believed to have managed various IP and Email addresses used for ransomware deployment and communication with the victims of attacks.

Published in News

Here we are with another story about MOVEit and just how bad things have gotten for the Managed File Transfer application and their parent company Progress Software. The group behind the attack, Cl0p ransomware gang, has started to extort the companies that they stole data from. They have listed the names of companies on their data leak site, in the same manner they would for ransomware victims after failing to pay. We know that someone (Cl0p has taken credit) was able to finally exploit a zero-day in the software after about a year of tinkering with the flaw and months of access.

Published in News
Page 3 of 28